Re: IPSEC stop works after r285336

Sun, 26 Jul 2015 11:40:40 -0700 


On 25 Jul 2015, at 1:51, Alexandr Krivulya wrote:


25.07.2015 00:38, John-Mark Gurney пишет:

Alexandr Krivulya wrote this message on Thu, Jul 23, 2015 at 10:38 
+0300:

I have IPSEC tunnel inside l2tp tunnel via mpd. After r285536 I see 
only

outgoing esp packets on ng interface:

This change is -stable, not -current, but the change referenced below
is -current... Which one are you running?

Also, the only ipsec related change after r285535 is r285770, though

that probably won't effect it...  Could you possibly narrow the 
change

that broke things?


root@thinkpad:/usr/src # tcpdump -i ng0

tcpdump: verbose output suppressed, use -v or -vv for full protocol 
decode
listening on ng0, link-type NULL (BSD loopback), capture size 262144 
bytes

10:35:27.331886 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9a5), length 140
10:35:28.371707 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9a6), length 140
10:35:29.443536 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9a7), length 140
10:35:30.457370 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9a8), length 140
10:35:31.475606 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9a9), length 140

10:35:31.622315 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: 
phase

2/others ? inf[E]

10:35:31.622544 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: 
phase

2/others ? inf[E]

10:35:31.622658 IP 10.10.10.2.isakmp > 10.10.10.1.isakmp: isakmp: 
phase

2/others ? inf[E]

10:35:31.623933 IP 10.10.10.1.isakmp > 10.10.10.2.isakmp: isakmp: 
phase

2/others ? inf[E]
10:35:32.492349 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9aa), length 140
10:35:33.509346 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9ab), length 140
10:35:34.527187 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9ac), length 140
10:35:35.539600 IP 10.10.10.2 > 10.10.10.1:
ESP(spi=0x03081e58,seq=0x9ad), length 140

With r285535 all works fine.



Right commit is in subject - r285336.


There were two IPsec related commits after 285336.

Either 285347 or 285526 could be the fix.  If you're OK after those
two commits then the system is in correct working order.

Best,
George

_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"





















					Reply via email to